A newly disclosed Wi-Fi attack called AirSnitch exploits cross-layer identity desynchronization between Layers 1 and 2 of the Wi-Fi stack, enabling a full bidirectional machine-in-the-middle (MitM) attack. The attacker can intercept and modify all link-layer traffic regardless of whether they are on the same SSID, a different SSID, or a separate network segment on the same access point. When traffic is unencrypted, credentials, cookies, and payment data can be stolen. Even with HTTPS, attackers can perform DNS cache poisoning, exploit unpatched vulnerabilities, and correlate visited URLs via external IP addresses. The attack affects home, office, and enterprise Wi-Fi networks.
Sort: